PKI Safety Net (PKISN): Addressing the Too-Big-to-Be-Revoked Problem of the TLS Ecosystem

In a public-key infrastructure (PKI), clients must have an efficient and secure way to determine whether a certificate was revoked (by an entity considered as legitimate to do so), while preserving user privacy. A few certification authorities (CAs) are currently responsible for the issuance of the large majority of TLS certificates. These certificates are considered valid only if the certificate of the issuing CA is also valid. The certificates of these important CAs are effectively too big to be revoked, as revoking them would result in massive collateral damage. To solve this problem, we redesign the current revocation system with a novel approach that we call PKI Safety Net (PKISN), which uses publicly accessible logs to store certificates (in the spirit of Certificate Transparency) and revocations. The proposed system extends existing mechanisms, which enables simple deployment. Moreover, we present a complete implementation and evaluation of our scheme.Comment: IEEE EuroS&P 201

Data Sharing Securely for Administrators of Dynamic Groups in Cloud

In recent year’s cloud computing is popularly increased day by day in the form of securing, updating, storing, sharing confidential data. Today’s condition about data security in cloud computing is very bad thing happens when people work on cloud for confidential company data. System provides scheme for secured data sharing when we use dynamic groups in an un-trusted clouds. In a system, users can share data in other groups without revealing identity privacy to the cloud. Efficient user revocation and new user joining is also supported by the system. Public revocation list is used for efficient user revocation without updating the private keys of the other users. New users before participation can decrypt directly. User within a group is identified by a group signature. Also public revocation list is used. System is a secure data sharing scheme in a multiple group policy. DOI: 10.17762/ijritcc2321-8169.15014

High Sensitive and Relevant Data Sharing with Secure and Low Time Consuming

Intermittent connection of networks and partition taken place frequently are likely to be suffered in military environments. Wireless devices are enabled in the network for accessing the confidential data with security by utilizing the storage nodes and alsothere is a communication with each other.Several privacy challenges andsecurity is based upon the attribute revocation and coordination of attributes issued from differentauthorities independentlywhich are introduced by the ABE scheme.For data encryption and decryption scalability is provided by ABE. In the case of encrypting the data, it is encrypted using certain polices and the attributes based upon the private keys and for decrypting the data it must possess some attributes that must match with the security policy that is applied in the particular data. The confidentiality of the stored data evenin the hostile area where key authorities are not fully trusted. In this paper, we demonstrate method of applying the proposed scheme in high sensitive and relevant data sharing with secure and low time consumin

Protocol design, implementation and integration for the protection of sensor data confidentiality and integrity

Wireless sensor networks are data centric because in many applications, sensor nodes are required to generate data, collect data, storage data and process data queries. Meanwhile, wireless sensor networks are vulnerable to security attacks because they are deployed in unattended (often hostile) environments and do not have tamper resistant hardware. Therefore, secure and efficient data management schemes are necessary to sensor networks. In this thesis work, we study how to secure a representative type of sensor data management approach called data centric storage based (DCS) schemes, with focus on protecting data confidentiality and integrity.;Considerable efforts have been made for securing DCS, however, existing work has the limitations of (i) not considering user node compromise, (ii) lack of studies on real system implementation and detailed experiments, and (iii) lack of studies on integrating security schemes to defend against multiple attacks simultaneously. To overcome these limitations, we have conducted the following research: Firstly, we have designed a new data confidentiality protocol called DKVP (data and key vulnerability protection) scheme to protect sensor data confidentiality in presence of user node compromise. Secondly, we have implemented three polynomial-based sensor data confidentiality and integrity protection schemes, namely, the adaptive polynomial-based scheme for secure data storage and query (APB), the message authentication function based schemes for data integrity (MAF), and the DKVP scheme, on top of TinyOS/Mote platform. Thirdly, we have developed a prototype system that consists of (i) integrated data confidentiality and integrity protection modules (i.e., the APB, MAF and DKVP schemes), (ii) effective and friendly interfaces to application developers to facilitate inclusion of security features into application programs, and (iii) example programs to demonstrate the integration suite developed by us.;Extensive experiments have been conducted to study the feasibility and performance of the above designs and implementations. The results show that, if system parameters are properly chosen, desired security level can be achieved which is cost affordable by the current generation of sensor nodes such as MICA motes. In particular, our study shows that running the three integrated protocols together consumes only 27 msec of processing time and 60% of CPU usage

Mergeable and revocable identity-based encryption

Identity-based encryption (IBE) has been extensively studied and widely used in various applications since Boneh and Franklin proposed the first practical scheme based on pairing. In that seminal work, it has also been pointed out that providing an efficient revocation mechanism for IBE is essential. Hence, revocable identity-based encryption (RIBE) has been proposed in the literature to offer an efficient revocation mechanism. In contrast to revocation, another issue that will also occur in practice is to combine two or multiple IBE systems into one system, e.g., due to the merge of the departments or companies. However, this issue has not been formally studied in the literature and the naive solution of creating a completely new system is inefficient. In order to efficiently address this problem, in this paper we propose the notion of mergeable and revocable identity-based encryption (MRIBE). Our scheme provides the first solution to efficiently revoke users and merge multiple IBE systems into a single system. The proposed scheme also has several nice features: when two systems are merged, there is no secure channel needed for the purpose of updating user private keys; and the size of the user private key remains unchanged when multiple systems are merged. We also propose a new security model for MRIBE, which is an extension of the security model for RIBE, and prove that the proposed scheme is semantically secure without random oracles